Re: [DNSOP] m.root-servers.net DNSSEC TCP failures

Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> Wed, 17 March 2010 12:31 UTC


On Mar 17, 2010, at 5:23 AM, Jim Reid wrote:

> On 17 Mar 2010, at 11:28, George Barwood wrote:
> 
>> It seems that m.root-servers.net is now serving DNSSEC, but does not have TCP, so the following queries all fail
> 
> Well these queries work just fine for me. Perhaps your problems are caused by local misconfiguration such as a broken CPE/middleware box or DNS proxy?

I think it's that it's aggressively multihomed, and ONE of the instances is not working with TCP.

My home net happily lets through anything on port 53, TCP or UDP, and I'm seeing the same symptoms, but a little more data:

I think there may be something more wrong with that instance that's causing the TCP failures, so it might be something more general:

--- m.root-servers.net ping statistics ---
16 packets transmitted, 5 packets received, 68.8% packet loss
round-trip min/avg/max/stddev = 223.651/1423.662/2222.722/747.819 ms

--- l.root-servers.net ping statistics ---
7 packets transmitted, 7 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 85.971/87.705/89.645/1.164 ms